.

HackaServer - Anyone tried it?

<<

jrdoty

User avatar

Newbie
Newbie

Posts: 17

Joined: Sun Dec 09, 2012 8:43 pm

Post Wed Apr 10, 2013 2:49 pm

HackaServer - Anyone tried it?

Has anyone tried hackaserver.com?

I believe they are fairly new.  It is supposed to be crowd-sourcing pen testing.  I'm not positive how it works for the Sys Admin but for pen testers you sign up, prove you have the skills and you can pen test for money.  Kind of like bugcrowd.com.

I'm curious if anyone has had any experience with these guys.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Fri Apr 12, 2013 4:02 am

Re: HackaServer - Anyone tried it?

I have not used it but would think it work the same way as bug crowd.

You sign up as pen tester
find issue and report them
client get report with all issue found by everyone
You get paid for issue you find as long as your the first person to find it and its in scope.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Apr 12, 2013 10:33 am

Re: HackaServer - Anyone tried it?

I tested the training area only, there a lot of virtual machines that the users created and leave it without any configuration, only ssh.

I never attempt the certification to begin to get paid for the attacks.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

kerosen

Newbie
Newbie

Posts: 6

Joined: Tue Jun 05, 2012 5:18 am

Post Sun Apr 14, 2013 4:40 am

Re: HackaServer - Anyone tried it?

Hi Everybody,

Marius Corici is my name "I'm guilty as charge" for HackaServer project and for that I'll answer to you guys.

@jrdoty. We've started the project in 2011 (the idea) and get live on March 2012. For everybody works the same no matter if you are a sysadmin or a pentester. We didn't differentiate pentester from sysadmins as a anonymity measure in worst case scenario. We do encourage anonymity. Beside that, to build a server on our infrastructure, of course you'll need an account too.
Indeed looks like bucrowd (they came out after us) but not quite. While they are a simply Bug Bounty Program as a Service, HackaServer it's a Bug Bounty Program as a Platform. That means we do offer IaaS to protect your real identity, your infrastructure and and your hardware and financial resources. You can read more about difference between BBP as a Service and BBP as a Platform on our blog. http://blog.hackaserver.com/bug-bounty-programs-part-2/

@Jamie.R +1 One small detail. You sign up as a Hackaserver user no matter if you want to find bugs on others or you want to build your setup to be tested.


@impelse Training Arena it's there as a sand box for sys admins in order to experience how it works. On Training Arena, everybody can experiment with deploy or pentests.

@Jamie.R Indeed most of the servers in Training Arena are without any configuration. However you can use Metasploitable and Wordpress servers to see how and what. They are fully prepared. In fact at this time in our infrastructure are 540 build servers and only ~40 deployed in Training Arena.

Any questions? Glad to answer.

Cheers,

Marius
Last edited by kerosen on Sun Apr 14, 2013 4:42 am, edited 1 time in total.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 3 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software